Microsoft increases IE security, starts blocking old ActiveX controls

As part of Microsoft's ongoing effort to improve the security of its Internet Explorer browser, the company has started blocking outdated ActiveX plugins from being enabled.

ActiveX controls have been a feature of Internet Explorer for a very long time and help in enabling interactive content through the browser. Most third-party plugins such as Adobe Flash and Java make use of ActiveX to present content. However, it has been observed that these controls often have security vulnerabilities which can be exploited by hackers. Recently, Microsoft has started working on making IE secure and is now shifting its focus towards third-party plugins which can compromise the browser.

According to Microsoft, Java exploits comprised 84.6% to 98.5% vulnerabilities throughout 2013. Although, the plugins have been updated to fix the vulnerabilities, users sometimes ignore the updates, leaving the system at risk.

In order to prevent such security risks, Microsoft will start blocking outdated ActiveX controls starting August 12th on the following platforms:

  • Windows 7 SP1 with IE8+
  • Windows 8 with IE11 for the desktop

Trusted network zones and local intranet will be excluded from the blacklist and controlled test environments can install the controls as well. A complete list of the outdated ActiveX controls has been published by Microsoft. Server administrators should check out the documentation provided at source.

Source: MSDN Blogs | Image via Microsoft

Report a problem with article
Previous Story

Man arrested after Microsoft finds child porn on OneDrive account

Next Story

Windows Phone usage remains flat in the US for Q2

24 Comments

Commenting is disabled on this article.

I've found IE to be one of the worst browsers for viewing Microsoft sites lol

there are some ms sites which fail to load using IE 11 (albeit old sites)

TCLN Ryster said,
Really? Examples?

ill see if i can find a few, iirc one was on the eopen site

the error message was something like "you need to upgrade to ie 5 or later"

glen8 said,

ill see if i can find a few, iirc one was on the eopen site

the error message was something like "you need to upgrade to ie 5 or later"


Idiot developers != bad browser.

glen8 said,
....

And their higher traffic sites have rendering issues in my corporate approved IE8.
Does that mean IE is a bad browser?

Hardly.

IE 11 rocks those sites.

Hello,

A good move, and a long overdue one.

I am reminded of Microsoft's treatment of AutoRun/AutoPlay technology, which Microsoft took a long time to change in Windows XP. At one point, something like 20-30% of worms seen on a daily basis used AUTORUN.INF as a means of execution.

I hope the public won't have to wait long periods in the future for Microsoft to make changes like this to insecure features.

Regards,

Aryeh Goretsky

Or just periodically reinstall Windows to refresh the entire computer's performance, apps, and security. Best way to keep your machine operating at peak performance and stave off bit rot on the file system.

So glad to hear that Windows-7 SP1, with IE10 is covered. Never could and still can't get IE11 to install on my 64-bit machine. Oh well.

Lord Method Man said,
Good. IE is the only browser I will use so its great to hear that it will be improving even more.

IE isn't the ONLY browser I use, but it's the best one, and has been forever, IMO. Never have understood why so many think that Chrome crap is so good. It's not even close to secure and sure as heck isn't fast. Will NEVER put that thing on one of my computers again.

This is great news though.

ActiveX controls, oh yes.... I think of desktop channelbands and one of the the biggest boneheaded mistakes of shortsightedness (or even an expression of apathy) MS ever made in terms of security. They made a lot of mistakes around this time. Remember? Think of the "IE is integrated with Windows and cannot be removed" nonsense. Bwahaha

IE: Ok your going on the internet, wheres your condom?
You: *Shows old condom*
IE: Errr. No... It has holes in it and everything! I'm not letting you anywhere near the internet till you get a new one. You don't want to get internet aids do you?

Java exploits comprised 84.6% to 98.5% vulnerabilities throughout 2013

Figured it was high but.. damn. I've got nothing against Java... as long as it's kept a few hundred miles away from a browser.

Yay, it only took them about 18 years to figure out that most computers are infested with outdated activex controls from hell.

francescob said,
Yay, it only took them about 18 years to figure out that most computers are infested with outdated activex controls from hell.

You know that other browsers are facing the exact same problem with NPAPI plugins (which are the direct equivalent to ActiveX controls in IE). And guess what? They started only recently to worry about outdated plugin as well. It took them 18 years as well to block outdated plugins (NPAPI plugins were introduced a bit earlier than ActiveX controls).

link8506 said,
You know that other browsers are facing the exact same problem with NPAPI plugins (which are the direct equivalent to ActiveX controls in IE). And guess what? They started only recently to worry about outdated plugin as well. It took them 18 years as well to block outdated plugins (NPAPI plugins were introduced a bit earlier than ActiveX controls).
Lmaooo which other browsers? Safari and Firefox are 11 years old, Chrome is 6 years old. Opera is 18 years old, do you mean them lol?